
Kubernetes Ingress Controller for AWS

Definition

Kubernetes Ingress Controller for AWS (github.com/zalando-incubator/kube-ingress-aws-controller) is a Zalando-incubator Kubernetes controller that watches Ingress resources and provisions a matching AWS Application Load Balancer (ALB) with an ACM-issued TLS certificate automatically.

It complements Skipper (the in-cluster L7 proxy) and External DNS (the DNS sync controller) to form Zalando's "declare an Ingress, get an ALB + DNS + cert for free" platform primitive.

Responsibilities

  • Observe Ingress resources; for each one, create/update an ALB in the cluster's AWS account.
  • Discover ACM-issued certificates and bind the right cert to the ALB listener based on host matching.
  • Point the ALB target group at the Skipper Service (or whichever proxy sits between the ALB and application pods).

Seen in

  • sources/2020-06-30-zalando-launching-the-engineering-blog — Zalando's blog inherits an ALB + ACM cert + DNS record automatically from this controller (plus External DNS + Skipper) just by applying the blog's Ingress manifest. "The ACM certificate, HTTP/2 support, the S3 website response, and the enabled compression are visible when doing a curl request."

Comparable systems

  • AWS Load Balancer Controller (aws-load-balancer-controller) — the AWS-official successor covering similar functionality as a first-party project.
  • ingress-nginx — also watches Ingress objects but uses an in-cluster nginx rather than a cloud ALB.